mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 05:37:11 +00:00
roytam1
25a43ca130
- Bug 1252882 - Content-Signature Service - some tests r=keeler,r=fkiefer (7fc1f726a4)
- Bug 1265085 - Replace verification source with a SAN in the content signature verifier interface. r=Cykesiopka,r=fkiefer (0881ba797d)
- Bug 1242820 - Disable devtools/shared/security/tests/unit/test_oob_crt_auth.js and test_encryption.js on emulator-x86-kk; r=jryans (746802bb0e)
- Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler (6f2200f2a6)
- Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler (456e2ce3e6)
- Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie (ee356452a5)
- Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeele It is unused since the changes in Bug 825583 landed. (61400adad7)
- reorder as Bug 1411458 (600fc338a9)
- bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka (a89237c66d)
- Bug 1263857 - (followup) Disable windows crash reporter on automated tests. r=sfink (bb9581fec9)
- bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin (d9fd09d9a6)
- bug 1182742 - allow users to override small key size errors r=rbarnes (b09074987b)
- Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler (8c1a8df597)
- Bug 1252722 - Use smart pointers for NSS resources. r=keeler (b2ef34f9d2)
- Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler (7064697e25)
- bug 1242032 - change some pipnss logging output from Debug to Verbose r=Cykesiopka (516c52da9f)
- Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler (b47d13bd7e)
- Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler (ffe77174e7)
- Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler (410d25dc3e)
- Bug 1257246: Update security/manager for eslint 2. r=cykesiopka (bbdcf78264)
- bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB (0d93e78cab)
- Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith (5a938e056c)
- Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler (bcaa11a646)
- Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler (a5a9bb5e46)
- Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler (0d3f613cde)
- Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler (94aa90a96d)
- Bug 1189020 - Replace |// unnamed namespace| with |// namespace| in mozilla::pkix. r=Cykesiopka (bb016e13ac)
- bug 1255153 - (re)move redundant xpcshell name constraint tests to gtests r=Cykesiopka,jcj (d8597a3bb1)
- bug 1248099 - add extended key usage tests for mozilla::pkix r=Cykesiopka,jcj (f9c11a8ecc)
- Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld (e16608d738)
- Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld (c20823e237)
- Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium (55d16a8e41)
- Bug 1176099 - Fix missing NULL check r=luke (2f6e6e3836)
- Bug 1245789 - Use ifdef MOZ_WIDEVINE_EME to prevent compilation when not enabled. r=gerald (40d13ca2d9)
- Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp (5366006c54)
- Bug 1268379 - Delay WMF checks in GMPParent - r=jesup (0f6642fdcc)
- bit of Bug 1245789 - Push detection of WMF decoding (e60b0634de)
- missing bit of 1267453 (573b867a62)
- Bug 1243594 (part 3) - leave the utf-8 encoding of the payload to rest.js instead of directly in loop. r=Standard8 (7781df1275)
- Bug 1243594 (part 2) - have rest.js automatically encode the request body as utf-8. r=gfritzsche (fd98dddf43)
- Bug 1246938 - Allow extra headers to be passed via hawk requests. r=markh (3692244524)
- Bug 1239354: Replace old-style generator function with star functions. r=asuth (a7793a89aa)
- Bug 1217982 - Remove for-each from storage/. r=mak (bbff0f0b7b)
- Bug 1095739 - Allow a "new user" experience to happen subsequent to Firefox being uninstalled. r=gijs r=jimm (2d846f8338)
- Bug 1251819 - Use the classic Control Panel if the Settings app believes the current Windows logon is a Microsoft account while actually it is not. r=jimm (e93f2cac88)
- Bug 1258728 - keep remote newtab version in a pref r=ursula (6f9bacf2ac)
- Bug 1223510, part 1 - Always finishTest() in test_nonUnicode.html. r=baku (ba3fb681ad)
- Bug 1223510, part 2 - Make ArchiveReader tests use pushPrefEnv. r=baku (5a4a5f9a7a)
- Bug 1223510, part 3 - Change where generator is created. r=baku Mostly this lets us take advantage of things created during the initial setup. (ee337d83de)
- Bug 1220304 - Part 1 - Make test_XHRSendData.html use SpecialPowers.createFiles(). r=baku (91fc25f3b7)
- Bug 1220304 - Part 2 - Make ArchiveReader tests use SpecialPowers.createFiles(). r=baku (5a0bfc4200)
- Bug 1267966 - Remove the deprecation warning from Attr.ownerElement; r=baku (cfd8910f2f)
- Bug 1269646 - Console API should be NOP after window-inner-destroyed, r=smaug (c4e5959d1f)
- Bug 1263392 - ConsoleCallData::mStatus should be set also when ConsoleCallData is not used in workers, r=smaug (10358e33a1)
- Bug 1268361 - Strip leading '?' in new URLSearchParams(query), r=smaug (a1a5075185)
- Bug 1052139 - Make more objects on the global prototype chain have immutable [[Prototype]], when we enable enforcement of this requirement. r=bz (8e48cfc3d6)
- Bug 1267932 - Update EventSource.webidl, r=ehsan (41532a54d5)
- Bug 1269383 - Remove dom.server-events.enabled pref, r=smaug (21e65b8436)
- Bug 1237077 - Part 1: drag an URL into new tab should inherit userContextId. r=Gijs, tanvi (f27d38ef25)
- Bug 1237077 - Part 3: use createCodebasePrincipal. r=tanvi (7da7268d47)
- Bug 1264270 - Parser should output attributes in source order, not reversed; r=hsivonen,bgrins (2f78eda012)
- Bug 1268721, part 1 - Use early continue in TransferableToIPCTransferable. r=jimm (317ab04f38)
- Bug 1268721, part 2 - Null check first argument to nsContentUtils::GetSurfaceData(). r=jimm (544d181021)
- Bug 1272203 (part 3) - Use NotNull in nsContentUtils::GetSurfaceData(). r=froydnj. (65e488c4f8)
- Bug 1272203 (part 1) - Add mozilla::NotNull to MFBT. r=froydnj. (4653d120fc)
- Bug 964092: don't let DOM DataChannels get GC'd if they have an active callback r=smaug,jib (c9c291f44a)
- Bug 1224186: Implement DOMTokenlist.replace r=baku,Ms2ger (329f4f942e)
- Bug 1265715 - Part 1. Pull Mode out of nsDisplayListBuilder; r=jfkthame (2c7cae0f3a)
- Bug 1265715 - Part 2. Add nsDisplayListBuilderMode parameter into nsLayoutUtils::PaintFrame; r=jfkthame (5ecabbda5d)
- Bug 1264949 - Ensure that the display list does not contain any background-image/background-color display item; r=jfkthame (018a7aec15)
- Bug 1265715 - Part 3. Use nsLayoutUtils::PaintFrame in ClipBackgroundByText; r=jfkthame (182a700fa6)
- Bug 1265715 - Part 4. Fix transform problem; r=jfkthame (37f77bf24b)
- Bug 1265715 - Part 5. bg-clip:text transform reftest; r=jfkthame (44778bcfd7)
- Bug 1267209 - Convert nsLayoutUtils::PaintFrame flags to be an enum class. r=jfkthame (4f304b84f1)
- Bug 1267530 part 1 - Add some profiler marker for fullscreen transition. r=smaug,BenWa (3580b0a556)
- Bug 1267530 part 2 - Add ASCII art explaination of flow of fullscreen transition. r=smaug (6bee4c9db6)
- Bug 1265280 - Temporary debugging code to crash with a useful abort message. r=khuey (43d532166f)
- Bug 1232939 - Ensure the opaque region of a fixed background layer is correctly clipped. r=mstange (cc2118e0a0)
- Bug 735857 - Treat background-attachment:fixed as background-attachment:scroll if it's on a non-root element affected by a transform. r=mstange (273d62aabf)
- Bug 735857 - Factor out a helper function nsLayoutUtils::IsTransformed(). r=mstange (61528fafef)
- Bug 1263286 - Move base-uri CSP check into SetBaseURIUsingFirstBaseWithHref. r=bz (03114b2fcb)
- Bug 1227327 - Allow specifying a background rect for background dislay items. r=mattwoodrow (410ef269eb)
- Bug 1227327 - Make fieldset frames build nsDisplayBackgroundImage items. r=mattwoodrow (9a3a8953b4)
- Fix temporary debugging patch for bug 1265280 so we'll hit the condition. r=khuey (fd30f8f0b4)
- Bug 1265715 - followup - Correct dirty region; r=me (38fc76e698)
- Bug 550426 - Use background-position-x/y in ActiveLayerTracker. r=dbaron (4f154a39dd)
- Bug 1266131 part 1 - [css-grid] 'order' doesn't apply to grid-aligned abs.pos. descendants (anymore). r=dholbert (ba8aa18fea)
- Bug 1266131 part 2 - [css-grid] Remove unused nsDisplayList::SortByCSSOrder() function. r=dholbert (b676c48a26)
- Bug 550426 - Add support for {background,mask}-position-{x,y}, most of the style system changes. r=dbaron (3739a8ec58)
- Bug 550426 - Add support for {background,mask}-position-{x,y}, StyleAnimation changes. r=dbaron (0fd2f97a60)
- Bug 852754 - Part 4: Reduce max downscaling allowed to <3. r=mstange (399b851221)
- Bug 1266868, part 1 - Fix nsCSSValue::Array leaks in the StyleAnimationValue code. r=dholbert (c6fc4f7d9c)
- Bug 1266868, part 2 - Fix leaks of the values passed to nsCSSValue::.SetPairValue in the StyleAnimationValue code. r=dholbert (e5a1ff8603)
- Bug 1266868, part 3 - Avoid Maybe::ref() where not necessary. r=dholbert (8dd435fd5e)
- Back out bug 1164227, because bug 1236043 fixes the original problem in a better way. (6b734f0718)
- Bug 1267524 Part 1 - Use member initializer list for nsStyleOutline. r=heycam (d7cabb2ea8)
- Bug 1267524 Part 2 - Use member initializer list for nsStyleXUL. r=heycam (82107506a6)
- Bug 1267524 Part 3 - Use member initializer list for nsStyleColumn. r=heycam (80318b0056)
- Bug 1267524 Part 4.1 - Add Reset() and rewrite methods for nsStyleSVGPaint. r=heycam (02ba8762cb)
- Bug 1267524 Part 4.2 - Use member initializer list for nsStyleSVG. r=heycam (5531ed4a93)
- Bug 1267524 Part 5 - Use member initializer list for nsStyleSVGReset. r=heycam (4a72005b1b)
- Bug 1267524 Part 6 - Use member initializer list for nsStylePosition. r=heycam (cfd6a8b640)
- Bug 1267524 Part 7 - Use member initializer list for nsStyleTable. r=heycam (510678ed8b)
- Bug 1267524 Part 8 - Use member initializer list for nsStyleTableBorder. r=heycam (c1617af193)
- Bug 1267524 Part 9 - Use member initializer list for nsStyleColor. r=heycam (753afba9f8)
- Bug 1267524 Part 10 - Use member initializer list for nsStyleDisplay. r=heycam (a6cc7ce52b)
- Bug 1267524 Part 11 - Use member initializer list for nsStyleVisibility. r=heycam (c93d75480e)
- Bug 1267524 Part 12 - Use member initializer list for nsStyleContent. r=heycam (ccc17aa74a)
- Bug 1267524 Part 13 - Use member initializer list for nsStyleTextReset. r=heycam (fc8b6ae837)
- Bug 1267524 Part 14 - Use member initializer list for nsStyleText. r=heycam (d73abb7d32)
- Bug 1267524 Part 15 - Use member initializer list for nsStyleUserInterface. r=heycam (3964558f27)
- Bug 1267524 Part 16 - Use member initializer list for nsStyleUIReset. r=heycam (3154cbc7d2)
- Bug 1267524 Part 17 - Use member initializer list for nsStyleVariables. r=heycam (3d286d2299)
- Bug 1267524 Part 18 - Remove "void" from zero argument functions. r=heycam (57b1a87c19)
- Bug 1267524 Part 19 - Move nsStyleCoord members to initializer list. r=heycam (385231a406)
- Bug 1227327 - Invalidate table parts and MathML frames when background-position changes on them. r=dbaron (088fad2be7)
- Bug 1268290: stylo: Pass SheetParsingMode to Servo, r=bholley (f05d51b7b1)
- Bug 1267833 - Pass the RawServoStyleSet to Servo_GetComputedValuesForAnonymousBox. r=heycam (c4870e2005)
- Bug 1268392 - Make Servo_GetComputedValues take a node rather than an element. r=bholley (61230bdc1f)
- Bug 1268390 - Part 1: Factor out most of nsStyleSet::AddDocStyleSheet for re-use. r=bholley (5bd89657a1)
- Bug 1268390 - Part 2: Add bindings for Servo_InsertStyleSheetBefore. r=bholley (f83ea77d37)
- Bug 1268404 - Part 1: Split out ResolveStyleForText from ResolveStyleForNonElement and pass in the text node. r=bholley (dc40bbc9dc)
- Bug 1268404 - Part 2: Implement ServoStyleSet::ResolveStyleForText. r=bholley (0c6bffbd4b)
- Bug 1268748 - Implement {Resolve,Probe}PseudoElementStyle. r=heycam (cd674703d6)
- Bug 1267560 - Get style structs from ServoComputedValues rather than the rule node, when using the Servo-backed style system. r=bholley (62784ed0ee)
- Bug 1268290 followup: remove stray semicolon on a CLOSED TREE. (609540fab1)
- Bug 1268390 - Part 3: Add support for doc style sheets in ServoStyleSet. r=bholley (787cee0d54)
- Bug 1267564 - Implement a couple of Servo-backed style object methods. r=bholley (b27b0f78a0)
- Bug 1250820 - Part 1: Define scoped enum for CSSPseudoClass::Type. r=heycam (c2992f4c01)
- Bug 1250820 - Part 2: Replace nsCSSPseudoClasses::Type with CSSPseudoClassType. r=heycam (8102ab491b)
- Bug 1250820 - Part 3: Replace notPseudo with negation. r=heycam (94f4b95650)
- Bug 1250820 - Part 4: Add MAX to CSSPseudoClassType. r=heycam (85acf2bc45)
- Bug 1206961 - Use channel->AsyncOpen2() for imageLoader; Remove security checks from callsites (r=bz) (0d5b91ca12)
- Bug 1134163 - Part1.Modify animationstart event timing in order to fire event after end of pending task. r=birtles (e2c333fb8d)
- Bug 1134163 - Part2 - Modify animation tests which rely on animationstart timing. r=birtles (fb780f4298)
- Bug 1067769 - Part 1: Avoid doing RequestRestyle and mutation batch for null target. r=birtles (c3a0c1a1ef)
- Bug 1067769 - Part 2: Support nullable target in KeyframeEffect(ReadOnly) constructor. r=birtles (e8ac02ebf0)
- Bug 1067769 - Part 3: Test for KeyframeEffectReadOnly with null target. r=birtles (9ee7fc48c3)
- Bug 1067769 - Part 4: Add some simple tests for document.getAnimation() in wpt. r=birtles (77c18ad32a)
- Bug 1067769 - Part 5: Support setting KeyframeEffect.target webidl interface. r=smaug (cb450cd6f7)
- Bug 1067769 - Part 6: Rename NonOwningAnimationTarget.h to AnimationTarget.h. r=birtles (45083b4141)
- Bug 1067769 - Part 7: Define OwningAnimationTarget and use it. r=birtles (0a716665aa)
- Bug 1067769 - Part 8: Add ConvertTarget function. r=birtles (2663246043)
- Bug 1067769 - Part 9: Wrap RequestRestyle and UnregisterTarget. r=birtles (1deb75c7e0)
- Bug 1067769 - Part 10: Implement SetTarget(). r=birtles (0823f6da17)
- Bug 1067769 - Part 11: Implement animation mutation observer while setting the target. r=birtles (8224724c49)
- Bug 1067769 - Part 12: Use Maybe<OwningAnimationTarget> in KeyframeEffect(ReadOnly) constructors. r=birtles (e057c15804)
- Bug 1067769 - Part 13: Test for setting the target in basic cases. r=birtles (b6a638a268)
- Bug 1067769 - Part 14: Test for our animation mutation observer. r=birtles (5381522d25)
- Bug 1264067 - [css-grid] 'fr' min-sizing is now invalid. r=dholbert (abc7d63364)
- Bug 550426 - Add support for {background,mask}-position-{x,y}, computed style additions. r=dbaron (0dea650527)
- Bug 1266948 - text-decoration-color: currentcolor should not use value from -webkit-text-fill-color; r=jfkthame (9b36b2f493)
- Bug 1271590 - Rename timespecadd to moz_timespecadd. r=jandem (4b417dabae)
- Bug 550426 - Use background-position-x/y when detecting scroll-linked effects. r=dbaron (478331b348)
- Bug 1227327 - Use regular background drawing for XUL groupbox frames. r=mattwoodrow (db42359656)
- Bug 1260329 - Properly escape the frameTable when running |dmd.py --clamp-contents|. r=mccr8. (b40a5a0f49)
- Bug 1148544 - Update tests to work with new way of handling user agent overrides. r=jchen (2cede65d5b)
- Bug 1262326 - Make test_user_agent_overrides.html work in e10s r=nwgh (81c4d7ba00)
- Bug 1252094 - Export necko-config.h from moz.build; r=ted (0fcb2e3c2b)
- Bug 1180107: Factor out logic for determining whether a flex item's main size could influence cross size. r=mats (94b89305ea)
- Bug 1267471 - Check the snap info when comparing scroll metadata for equality. rs=botond (e5a40f0387)
- Bug 1257288 - Improve the APZ gtest infrastructure to make writing multi-FrameMetrics tests easier. r=kats (b4b898abc2)
- Bug 1256344 - Add a gtest to catch scenarios where the long-press block is interrupted by a non-touch block. r=botond (84982b1ba7)
- Bug 1265510 - Add a gtest for interrupting a scroll snap. r=botond (5f33cdadea)
- Bug 1246290 - Add a simple gtest to exercise the force-disabled-APZ codepaths. r=botond (be91113c70)
- Bug 1267470 - Move more fields from FrameMetrics to ScrollMetadata. r=kats (259f44ab15)
- Bug 1030952 part 4: For flex items with an aspect ratio, stomp on reflow state's main size *and cross size* in final reflow. r=mats (3f02ed9761)
- Bug 550426 - In PropertySupportsVariant, add {background,mask}-position-{x,y} to the list of properties that are parsed by functions. r=dbaron (b350dd9ec4)
- Bug 1258609: Initialize nsICanvasRenderingContextInternal with a DrawTarget instead of a gfxASurface. r=jrmuizel (236656c82d)
- Merge remote-tracking branch 'upstream/dev' into winbuild (c0659b547d)
- [mfbt] NotNull: VC2013 fix (86139057b8)
- layout: put back array initializations back to function body, fix VC2013 build. (3ac23f6474)
657 lines
22 KiB
C++
657 lines
22 KiB
C++
#include "nsContentSecurityManager.h"
|
|
#include "nsIChannel.h"
|
|
#include "nsIStreamListener.h"
|
|
#include "nsILoadInfo.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsCORSListenerProxy.h"
|
|
#include "nsIStreamListener.h"
|
|
|
|
#include "mozilla/dom/Element.h"
|
|
|
|
NS_IMPL_ISUPPORTS(nsContentSecurityManager,
|
|
nsIContentSecurityManager,
|
|
nsIChannelEventSink)
|
|
|
|
static nsresult
|
|
ValidateSecurityFlags(nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsSecurityFlags securityMode = aLoadInfo->GetSecurityMode();
|
|
|
|
if (securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
MOZ_ASSERT(false, "need one securityflag from nsILoadInfo to perform security checks");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
// all good, found the right security flags
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool SchemeIs(nsIURI* aURI, const char* aScheme)
|
|
{
|
|
nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
|
|
NS_ENSURE_TRUE(baseURI, false);
|
|
|
|
bool isScheme = false;
|
|
return NS_SUCCEEDED(baseURI->SchemeIs(aScheme, &isScheme)) && isScheme;
|
|
}
|
|
|
|
|
|
static bool IsImageLoadInEditorAppType(nsILoadInfo* aLoadInfo)
|
|
{
|
|
// Editor apps get special treatment here, editors can load images
|
|
// from anywhere. This allows editor to insert images from file://
|
|
// into documents that are being edited.
|
|
nsContentPolicyType type = aLoadInfo->InternalContentPolicyType();
|
|
if (type != nsIContentPolicy::TYPE_INTERNAL_IMAGE &&
|
|
type != nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD &&
|
|
type != nsIContentPolicy::TYPE_IMAGESET) {
|
|
return false;
|
|
}
|
|
|
|
uint32_t appType = nsIDocShell::APP_TYPE_UNKNOWN;
|
|
nsINode* node = aLoadInfo->LoadingNode();
|
|
if (!node) {
|
|
return false;
|
|
}
|
|
nsIDocument* doc = node->OwnerDoc();
|
|
if (!doc) {
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIDocShellTreeItem> docShellTreeItem = doc->GetDocShell();
|
|
if (!docShellTreeItem) {
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIDocShellTreeItem> root;
|
|
docShellTreeItem->GetRootTreeItem(getter_AddRefs(root));
|
|
nsCOMPtr<nsIDocShell> docShell(do_QueryInterface(root));
|
|
if (!docShell || NS_FAILED(docShell->GetAppType(&appType))) {
|
|
appType = nsIDocShell::APP_TYPE_UNKNOWN;
|
|
}
|
|
|
|
return appType == nsIDocShell::APP_TYPE_EDITOR;
|
|
}
|
|
|
|
static nsresult
|
|
DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
// Bug 1228117: determine the correct security policy for DTD loads
|
|
if (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DTD) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult rv = NS_OK;
|
|
|
|
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
uint32_t flags = nsIScriptSecurityManager::STANDARD;
|
|
if (aLoadInfo->GetAllowChrome()) {
|
|
flags |= nsIScriptSecurityManager::ALLOW_CHROME;
|
|
}
|
|
|
|
bool isImageInEditorType = IsImageLoadInEditorAppType(aLoadInfo);
|
|
|
|
// We don't have a loadingPrincipal for TYPE_DOCUMENT
|
|
if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT &&
|
|
!isImageInEditorType) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(loadingPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
// If the loadingPrincipal and the triggeringPrincipal are different, then make
|
|
// sure the triggeringPrincipal is allowed to access that URI.
|
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal();
|
|
if (loadingPrincipal != triggeringPrincipal && !isImageInEditorType) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(triggeringPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool
|
|
URIHasFlags(nsIURI* aURI, uint32_t aURIFlags)
|
|
{
|
|
bool hasFlags;
|
|
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
return hasFlags;
|
|
}
|
|
|
|
static nsresult
|
|
DoSOPChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIChannel* aChannel)
|
|
{
|
|
if (aLoadInfo->GetAllowChrome() &&
|
|
(URIHasFlags(aURI, nsIProtocolHandler::URI_IS_UI_RESOURCE) ||
|
|
SchemeIs(aURI, "moz-safe-about"))) {
|
|
// UI resources are allowed.
|
|
return DoCheckLoadURIChecks(aURI, aLoadInfo);
|
|
}
|
|
|
|
NS_ENSURE_FALSE(NS_HasBeenCrossOrigin(aChannel, true),
|
|
NS_ERROR_DOM_BAD_URI);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
MOZ_RELEASE_ASSERT(aInAndOutListener, "can not perform CORS checks without a listener");
|
|
|
|
// No need to set up CORS if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files
|
|
// without requiring CORS.
|
|
if (nsContentUtils::IsSystemPrincipal(aLoadInfo->TriggeringPrincipal())) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsIPrincipal* loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
RefPtr<nsCORSListenerProxy> corsListener =
|
|
new nsCORSListenerProxy(aInAndOutListener,
|
|
loadingPrincipal,
|
|
aLoadInfo->GetCookiePolicy() ==
|
|
nsILoadInfo::SEC_COOKIES_INCLUDE);
|
|
// XXX: @arg: DataURIHandling::Allow
|
|
// lets use DataURIHandling::Allow for now and then decide on callsite basis. see also:
|
|
// http://mxr.mozilla.org/mozilla-central/source/dom/security/nsCORSListenerProxy.h#33
|
|
nsresult rv = corsListener->Init(aChannel, DataURIHandling::Allow);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
aInAndOutListener = corsListener;
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsContentPolicyType contentPolicyType =
|
|
aLoadInfo->GetExternalContentPolicyType();
|
|
nsContentPolicyType internalContentPolicyType =
|
|
aLoadInfo->InternalContentPolicyType();
|
|
nsCString mimeTypeGuess;
|
|
nsCOMPtr<nsINode> requestingContext = nullptr;
|
|
|
|
switch(contentPolicyType) {
|
|
case nsIContentPolicy::TYPE_OTHER: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SCRIPT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/javascript");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGE: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_STYLESHEET: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/css");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT:
|
|
case nsIContentPolicy::TYPE_DOCUMENT: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SUBDOCUMENT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_subdocument requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_REFRESH: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XBL: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_PING: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
|
|
// alias nsIContentPolicy::TYPE_DATAREQUEST:
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xml requires requestingContext of type Document");
|
|
|
|
// We're checking for the external TYPE_XMLHTTPREQUEST here in case
|
|
// an addon creates a request with that type.
|
|
if (internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST ||
|
|
internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_XMLHTTPREQUEST) {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
else {
|
|
MOZ_ASSERT(internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE,
|
|
"can not set mime type guess for unexpected internal type");
|
|
mimeTypeGuess = NS_LITERAL_CSTRING(TEXT_EVENT_STREAM);
|
|
}
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_subrequest requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_DTD: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_dtd requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FONT: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_MEDIA: {
|
|
if (internalContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_TRACK) {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/vtt");
|
|
}
|
|
else {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_media requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEBSOCKET: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_CSP_REPORT: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XSLT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/xml");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xslt requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_BEACON: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_beacon requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FETCH: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGESET: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEB_MANIFEST: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/manifest+json");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
default:
|
|
// nsIContentPolicy::TYPE_INVALID
|
|
MOZ_ASSERT(false, "can not perform security check without a valid contentType");
|
|
}
|
|
|
|
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
|
|
nsresult rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
|
|
aURI,
|
|
aLoadInfo->LoadingPrincipal(),
|
|
requestingContext,
|
|
mimeTypeGuess,
|
|
nullptr, //extra,
|
|
&shouldLoad,
|
|
nsContentUtils::GetContentPolicy(),
|
|
nsContentUtils::GetSecurityManager());
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
if (NS_CP_REJECTED(shouldLoad)) {
|
|
return NS_ERROR_CONTENT_BLOCKED;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
/*
|
|
* Based on the security flags provided in the loadInfo of the channel,
|
|
* doContentSecurityCheck() performs the following content security checks
|
|
* before opening the channel:
|
|
*
|
|
* (1) Same Origin Policy Check (if applicable)
|
|
* (2) Allow Cross Origin but perform sanity checks whether a principal
|
|
* is allowed to access the following URL.
|
|
* (3) Perform CORS check (if applicable)
|
|
* (4) ContentPolicy checks (Content-Security-Policy, Mixed Content, ...)
|
|
*
|
|
* @param aChannel
|
|
* The channel to perform the security checks on.
|
|
* @param aInAndOutListener
|
|
* The streamListener that is passed to channel->AsyncOpen2() that is now potentially
|
|
* wrappend within nsCORSListenerProxy() and becomes the corsListener that now needs
|
|
* to be set as new streamListener on the channel.
|
|
*/
|
|
nsresult
|
|
nsContentSecurityManager::doContentSecurityCheck(nsIChannel* aChannel,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
NS_ENSURE_ARG(aChannel);
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
|
|
|
if (!loadInfo) {
|
|
MOZ_ASSERT(false, "channel needs to have loadInfo to perform security checks");
|
|
return NS_ERROR_UNEXPECTED;
|
|
}
|
|
|
|
// if dealing with a redirected channel then we have already installed
|
|
// streamlistener and redirect proxies and so we are done.
|
|
if (loadInfo->GetInitialSecurityCheckDone()) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// make sure that only one of the five security flags is set in the loadinfo
|
|
// e.g. do not require same origin and allow cross origin at the same time
|
|
nsresult rv = ValidateSecurityFlags(loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// since aChannel was openend using asyncOpen2() we have to make sure
|
|
// that redirects of that channel also get openend using asyncOpen2()
|
|
// please note that some implementations of ::AsyncOpen2 might already
|
|
// have set that flag to true (e.g. nsViewSourceChannel) in which case
|
|
// we just set the flag again.
|
|
rv = loadInfo->SetEnforceSecurity(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
if (loadInfo->GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
rv = DoCORSChecks(aChannel, loadInfo, aInAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
rv = CheckChannel(aChannel);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIURI> finalChannelURI;
|
|
rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(finalChannelURI));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// Perform all ContentPolicy checks (MixedContent, CSP, ...)
|
|
rv = DoContentSecurityChecks(finalChannelURI, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// now lets set the initalSecurityFlag for subsequent calls
|
|
rv = loadInfo->SetInitialSecurityCheckDone(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// all security checks passed - lets allow the load
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
|
|
nsIChannel* aNewChannel,
|
|
uint32_t aRedirFlags,
|
|
nsIAsyncVerifyRedirectCallback *aCb)
|
|
{
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->GetLoadInfo();
|
|
// Are we enforcing security using LoadInfo?
|
|
if (loadInfo && loadInfo->GetEnforceSecurity()) {
|
|
nsresult rv = CheckChannel(aNewChannel);
|
|
if (NS_FAILED(rv)) {
|
|
aOldChannel->Cancel(rv);
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
// Also verify that the redirecting server is allowed to redirect to the
|
|
// given URI
|
|
nsCOMPtr<nsIPrincipal> oldPrincipal;
|
|
nsContentUtils::GetSecurityManager()->
|
|
GetChannelResultPrincipal(aOldChannel, getter_AddRefs(oldPrincipal));
|
|
|
|
nsCOMPtr<nsIURI> newURI;
|
|
aNewChannel->GetURI(getter_AddRefs(newURI));
|
|
nsCOMPtr<nsIURI> newOriginalURI;
|
|
aNewChannel->GetOriginalURI(getter_AddRefs(newOriginalURI));
|
|
|
|
NS_ENSURE_STATE(oldPrincipal && newURI && newOriginalURI);
|
|
|
|
const uint32_t flags =
|
|
nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT |
|
|
nsIScriptSecurityManager::DISALLOW_SCRIPT;
|
|
nsresult rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(oldPrincipal, newURI, flags);
|
|
if (NS_SUCCEEDED(rv) && newOriginalURI != newURI) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(oldPrincipal, newOriginalURI, flags);
|
|
}
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
aCb->OnRedirectVerifyCallback(NS_OK);
|
|
return NS_OK;
|
|
}
|
|
|
|
static void
|
|
AddLoadFlags(nsIRequest *aRequest, nsLoadFlags aNewFlags)
|
|
{
|
|
nsLoadFlags flags;
|
|
aRequest->GetLoadFlags(&flags);
|
|
flags |= aNewFlags;
|
|
aRequest->SetLoadFlags(flags);
|
|
}
|
|
|
|
/*
|
|
* Check that this channel passes all security checks. Returns an error code
|
|
* if this requesst should not be permitted.
|
|
*/
|
|
nsresult
|
|
nsContentSecurityManager::CheckChannel(nsIChannel* aChannel)
|
|
{
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
|
MOZ_ASSERT(loadInfo);
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// Handle cookie policies
|
|
uint32_t cookiePolicy = loadInfo->GetCookiePolicy();
|
|
if (cookiePolicy == nsILoadInfo::SEC_COOKIES_SAME_ORIGIN) {
|
|
|
|
// We shouldn't have the SEC_COOKIES_SAME_ORIGIN flag for top level loads
|
|
MOZ_ASSERT(loadInfo->GetExternalContentPolicyType() !=
|
|
nsIContentPolicy::TYPE_DOCUMENT);
|
|
nsIPrincipal* loadingPrincipal = loadInfo->LoadingPrincipal();
|
|
|
|
// It doesn't matter what we pass for the third, data-inherits, argument.
|
|
// Any protocol which inherits won't pay attention to cookies anyway.
|
|
rv = loadingPrincipal->CheckMayLoad(uri, false, false);
|
|
if (NS_FAILED(rv)) {
|
|
AddLoadFlags(aChannel, nsIRequest::LOAD_ANONYMOUS);
|
|
}
|
|
}
|
|
else if (cookiePolicy == nsILoadInfo::SEC_COOKIES_OMIT) {
|
|
AddLoadFlags(aChannel, nsIRequest::LOAD_ANONYMOUS);
|
|
}
|
|
|
|
nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
|
|
|
|
// CORS mode is handled by nsCORSListenerProxy
|
|
if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
if (NS_HasBeenCrossOrigin(aChannel)) {
|
|
loadInfo->MaybeIncreaseTainting(LoadTainting::CORS);
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
// Allow subresource loads if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files.
|
|
if (nsContentUtils::IsSystemPrincipal(loadInfo->TriggeringPrincipal()) &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SUBDOCUMENT) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// if none of the REQUIRE_SAME_ORIGIN flags are set, then SOP does not apply
|
|
if ((securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED)) {
|
|
rv = DoSOPChecks(uri, loadInfo, aChannel);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
if ((securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL)) {
|
|
if (NS_HasBeenCrossOrigin(aChannel)) {
|
|
loadInfo->MaybeIncreaseTainting(LoadTainting::Opaque);
|
|
}
|
|
// Please note that DoCheckLoadURIChecks should only be enforced for
|
|
// cross origin requests. If the flag SEC_REQUIRE_CORS_DATA_INHERITS is set
|
|
// within the loadInfo, then then CheckLoadURIWithPrincipal is performed
|
|
// within nsCorsListenerProxy
|
|
rv = DoCheckLoadURIChecks(uri, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
// ==== nsIContentSecurityManager implementation =====
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::PerformSecurityCheck(nsIChannel* aChannel,
|
|
nsIStreamListener* aStreamListener,
|
|
nsIStreamListener** outStreamListener)
|
|
{
|
|
nsCOMPtr<nsIStreamListener> inAndOutListener = aStreamListener;
|
|
nsresult rv = doContentSecurityCheck(aChannel, inAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
inAndOutListener.forget(outStreamListener);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::IsOriginPotentiallyTrustworthy(nsIPrincipal* aPrincipal,
|
|
bool* aIsTrustWorthy)
|
|
{
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
NS_ENSURE_ARG_POINTER(aPrincipal);
|
|
NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
|
|
|
|
if (aPrincipal->GetIsSystemPrincipal()) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
// The following implements:
|
|
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
|
|
|
*aIsTrustWorthy = false;
|
|
|
|
if (aPrincipal->GetIsNullPrincipal()) {
|
|
return NS_OK;
|
|
}
|
|
|
|
MOZ_ASSERT(aPrincipal->GetIsCodebasePrincipal(),
|
|
"Nobody is expected to call us with an nsIExpandedPrincipal");
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
aPrincipal->GetURI(getter_AddRefs(uri));
|
|
|
|
nsAutoCString scheme;
|
|
nsresult rv = uri->GetScheme(scheme);
|
|
if (NS_FAILED(rv)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Blobs are expected to inherit their principal so we don't expect to have
|
|
// a codebase principal with scheme 'blob' here. We can't assert that though
|
|
// since someone could mess with a non-blob URI to give it that scheme.
|
|
NS_WARN_IF_FALSE(!scheme.EqualsLiteral("blob"),
|
|
"IsOriginPotentiallyTrustworthy ignoring blob scheme");
|
|
|
|
// According to the specification, the user agent may choose to extend the
|
|
// trust to other, vendor-specific URL schemes. We use this for "resource:",
|
|
// which is technically a substituting protocol handler that is not limited to
|
|
// local resource mapping, but in practice is never mapped remotely as this
|
|
// would violate assumptions a lot of code makes.
|
|
if (scheme.EqualsLiteral("https") ||
|
|
scheme.EqualsLiteral("file") ||
|
|
scheme.EqualsLiteral("resource") ||
|
|
scheme.EqualsLiteral("app") ||
|
|
scheme.EqualsLiteral("wss")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString host;
|
|
rv = uri->GetHost(host);
|
|
if (NS_FAILED(rv)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
if (host.Equals("127.0.0.1") ||
|
|
host.Equals("localhost") ||
|
|
host.Equals("::1")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
return NS_OK;
|
|
}
|